On 4/1/2007, "Vega - Brunello Ivan" <[EMAIL PROTECTED]> wrote: >Did you already tried this? > >It could be useful to have a dual-mode server: >- works as chroot for explicit users >- works as normal when a superuser gets in > >This let me make a full management of the server, and would let basic users >get in with little chance of harming the server. >Is it possible with such patch? Been reading the FAQ, but did not understand >whether or not possible.
There is one issue with applying this to tsl upstream.. it wouldn't work for regular users, without moving all the home dirs. As far as I gathered, if the users homedir i passwd contains a ., the user will be chrooted to the preceding path. For the user to be able to do anything at all, a basic environment will need installing in the chroot, something that either takes an experienced admin, or a very fancy script. As such, barring any issues I'm not aware of (I haven't read the site much), I don't see much of a problem applying this patch, just not have the default setup of the system work with it, and leave it to those who want it to create a chroot and modify the users in question. As for scripts to create chroot, I know there is a package for such a task, used by the tinysofa people to build packages, but I am unable to recall a name. -- Cheers, Morten :wq _______________________________________________ tsl-discuss mailing list [email protected] http://lists.trustix.org/mailman/listinfo/tsl-discuss
